cannot open for write /var/spool/qscan/quarantine-events.db.tmp

I'm having trouble with the final test suggested by the
qmail-scanner
configure script. I get the "permission denied"
error as below.

[rootambassador qmail-scanner-2.01]# setuidgid qmaild 
  /var/qmail/bin/qmail-scanner-queue.pl -g
perlscanner: generate new DB file from
/var/spool/qscan/quarantine-events.txt
X-Qmail-Scanner-2.01:[] cannot open for write
/var/spool/qscan/quarantine-events.db.tmp - Permission
denied

I have read the FAQ and the configure script thinks I have a
working
suidperl. I use Fedora 7 Linux.

Any idea how to fix this?

I have pasted a directory listing of /var/spool/qscan and a
detailed log
of my installation steps below:


[rootambassador qmail-scanner-2.01]# ./configure 
--spooldir /var/spool/qmailscan 
--bindir /var/qmail/bin 
--admin virusadmin --domain
ambassador.digitalinscription.com 
--notify psender,nmlvadm 
--local-domains ambassador.digitalinscription.com 
--lang en_GB 
--debug no 
--unzip no 
--add-dscr-hdrs no 
--archive no 
--redundant no 
--log-details no 
--log-crypto no 
--fix-mime yes  
--ignore-eol-check no 
--scanners "verbose_spamassassin" 
--install 1

Building Qmail-Scanner 2.01...

This script will search your system for the virus scanners
it knows
about, and will ensure that all external programs
qmail-scanner-queue.pl uses are explicitly pathed for
performance
reasons.

Continue? ([Y]/N)
y

Found tnef on your system! That means we'll be able to
decode stupid
M$ attachments 


The following binaries and scanners were found on your
system:

mimeunpacker=/usr/custom/reformime
tnef=/usr/bin/tnef

Content/Virus Scanners installed on your System

max-scan-size=100000000
verbose_spamassassin=/usr/bin/spamc

Qmail-Scanner details.

log-details=0
log-crypto=no
fix-mime=2
ignore-eol-check=0
debug=0
notify=psender,nmlvadm
redundant-scanning=no
virus-admin=System Anti-Virus Administrator
<virusadminambassador.digitalinscription.com>
local-domains='ambassador.digitalinscription.com'
silent-viruses='klez','bugbear','hybris','yaha','braid','nim
da','tanatos','sobig','winevar','palyh','fizzer','gibe','cai
lont','lovelorn','swen','dumaru','sober','hawawi','holar-i',
'mimail','poffer','bagle','worm.galil','mydoom','worm.sco','
tanx','novarg','mm'
scanners="verbose_spamassassin"

If that looks correct, I will now generate
qmail-scanner-queue.pl
for your system...
Continue? ([Y]/N)
y
Testing suid nature of /usr/bin/perl...
Looks OK...
Hit RETURN to create initial directory structure under
/var/spool/qmailscan,
and install qmail-scanner-queue.pl under /var/qmail/bin:
perlscanner: generate new DB file from
/var/spool/qscan/quarantine-events.txt
perlscanner: total of 12 entries.

Finished installation of initial directory structure for
Qmail-Scanner
under /var/spool/qmailscan and qmail-scanner-queue.pl under
/var/qmail/bin.

Finished. Please read README(.html) and then go over the
script
(/var/qmail/bin/qmail-scanner-queue.pl) to check paths/etc.

"/var/qmail/bin/qmail-scanner-queue.pl -r" should
return some well-known
virus
definitions to show that the internal perlscanner component
is working.

That's it!



               ****** FINAL TEST ******

Please log into an unpriviledged account and run
/var/qmail/bin/qmail-scanner-queue.pl -g

If you see the error "Can't do setuid", or
"Permission denied", then
refer to the FAQ.

(e.g.  "setuidgid qmaild
/var/qmail/bin/qmail-scanner-queue.pl -g")


That's it! To report success:

    % (echo 'First M. Last'; cat SYSDEF)|mail
jhaar-s4vstatscrom.trimble.co.nz
Replace First M. Last with your name.
[rootambassador qmail-scanner-2.01]# setuidgid qmaild
/var/qmail/bin/qmail-scanner-queue.pl -g
perlscanner: generate new DB file from
/var/spool/qscan/quarantine-events.txt
X-Qmail-Scanner-2.01:[] cannot open for write
/var/spool/qscan/quarantine-events.db.tmp - Permission
denied
[rootambassador qmail-scanner-2.01]# d -l
/var/spool/qscan
total 28
-rw-rw---- 1 qscand qscand    21 2007-07-12 09:02
qmail-scanner-queue-version.txt
-rw-r----- 1 qscand qscand 12288 2007-07-12 09:02
quarantine-events.db
-rw-rw---- 1 root   root    9168 2007-07-11 23:48
quarantine-events.txt
-rw-rw---- 1 root   root       0 2007-07-12 09:02
quarantine.log


-- 
Rohan Carly


------------------------------------------------------------
-------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and
take
control of your XML. No limits. Just data. Click to get it
now.
http://sourcefor
ge.net/powerbar/db2/
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-generallists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/q
mail-scanner-general

At 9:17 +0800 12-07-2007, Rohan Carly wrote:
>I'm having trouble with the final test suggested by the
qmail-scanner
>configure script. I get the "permission
denied" error as below.

>If you see the error "Can't do setuid", or
"Permission denied", then
>refer to the FAQ.
>
>(e.g.  "setuidgid qmaild
/var/qmail/bin/qmail-scanner-queue.pl -g")
>
>
>That's it! To report success:
>
>     % (echo 'First M. Last'; cat SYSDEF)|mail
>jhaar-s4vstatscrom.trimble.co.nz
>Replace First M. Last with your name.
>[rootambassador qmail-scanner-2.01]# setuidgid qmaild
>/var/qmail/bin/qmail-scanner-queue.pl -g
>perlscanner: generate new DB file from
>/var/spool/qscan/quarantine-events.txt
>X-Qmail-Scanner-2.01:[] cannot open for write
>/var/spool/qscan/quarantine-events.db.tmp - Permission
denied
>[rootambassador qmail-scanner-2.01]# d -l
/var/spool/qscan
>total 28
>-rw-rw---- 1 qscand qscand    21 2007-07-12 09:02
>qmail-scanner-queue-version.txt
>-rw-r----- 1 qscand qscand 12288 2007-07-12 09:02
quarantine-events.db
>-rw-rw---- 1 root   root    9168 2007-07-11 23:48
quarantine-events.txt
>-rw-rw---- 1 root   root       0 2007-07-12 09:02
quarantine.log

Hi Rohan

You are having a logical result from that test,
unfortenately you are 
running a test for the very old versions of qmail-scanner
and that 
information has not been updated in recent version... The
user 
'qmaild' cannot read that file, in past times qmail-scanner
was run 
by 'qmaild' but currently is run by 'qscand', so the test
should be:

"setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl
-g"

Regards

ST

------------------------------------------------------------
-------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and
take
control of your XML. No limits. Just data. Click to get it
now.
http://sourcefor
ge.net/powerbar/db2/
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-generallists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/q
mail-scanner-general

Salvatore Toribio wrote:
>
> You are having a logical result from that test,
unfortenately you are 
> running a test for the very old versions of
qmail-scanner and that 
> information has not been updated in recent version...
The user 
> 'qmaild' cannot read that file, in past times
qmail-scanner was run 
> by 'qmaild' but currently is run by 'qscand', so the
test should be:
>
> "setuidgid qscand
/var/qmail/bin/qmail-scanner-queue.pl -g"
>   
Hi there

Actually the documentation is correct. As
/var/qmail/bin/qmail-scanner-queue.pl is setuid qscand,
running
"setuidgid qmaild xxxxx" works fine. It represents
a "full test" -
emulating what happens when qmail-smtpd (which runs as
qmaild) calls
qmail-scanner.

The presence of those "root" files makes me think
you've got a
half-installed Q-S. Remove the lot and do it again. End of
the day, the
/var/spool/qscan directory tree is meant to be owned by
"qscand"...


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB
FE1D 66D1


------------------------------------------------------------
-------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and
take
control of your XML. No limits. Just data. Click to get it
now.
http://sourcefor
ge.net/powerbar/db2/
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-generallists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/q
mail-scanner-general